Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa zida zogawa zopangira ma firewall a IPFire 2.25

Kutulutsidwa kwa zida zogawa zopangira ma firewall a IPFire 2.25

Ipezeka kutulutsidwa kwa zida zogawa zopangira ma routers ndi ma firewall IPFire 2.25 Kore 141. IPFire imasiyanitsidwa ndi njira yosavuta yokhazikitsira ndi kulinganiza kasinthidwe kudzera pa intaneti yowoneka bwino, yodzaza ndi zithunzi. Kuyika kukula iso chithunzi ndi 290 MB (x86_64, i586, ARM).

Dongosololi ndi modular, kuwonjezera pa ntchito zoyambira zosefera paketi ndi kasamalidwe ka traffic kwa IPFire, ma modules amapezeka ndi kukhazikitsa dongosolo loletsa kuukira kochokera ku Suricata, popanga seva yamafayilo (Samba, FTP, NFS), a seva yamakalata (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV ndi Openmailadmin) ndi seva yosindikizira (CUPS), kukonza chipata cha VoIP chochokera ku Asterisk ndi Teamspeak, kupanga malo opanda zingwe, kukonza seva yomvera ndi makanema (MPFire, Videolan). , Icecast, Gnump3d, VDR). Kuyika zowonjezera mu IPFire, woyang'anira phukusi wapadera, Pakfire, amagwiritsidwa ntchito.

M'kutulutsa kwatsopano:

  • Zida zogwiritsiridwanso ntchito ndi zolemba zogawa zokhudzana ndi DNS:
    • Thandizo lowonjezera la DNS-over-TLS.
    • Zokonda pa DNS zalumikizidwa pamasamba onse a intaneti.
    • Tsopano ndizotheka kutchula ma seva opitilira awiri a DNS pogwiritsa ntchito seva yothamanga kwambiri kuchokera pamndandanda wosasinthika.
    • Yowonjezera QNAME Minimization mode (RFC-7816) kuti muchepetse kufalitsa kwa zidziwitso zowonjezera pazopempha kuti mupewe kutayikira kwa chidziwitso cha dera lomwe mwapemphedwa ndikuwonjezera zinsinsi.
    • Zosefera zakhazikitsidwa kuti zisefe masamba a akulu okha pamlingo wa DNS.
    • Nthawi yotsegula yapititsidwa patsogolo pochepetsa kuchuluka kwa macheke a DNS.
    • Njira yogwirira ntchito yakhazikitsidwa ngati woperekayo asefa zopempha za DNS kapena kuthandizira kolakwika kwa DNSSEC (pakakhala zovuta, zoyendera zimasinthidwa kukhala TLS ndi TCP).
    • Kuti athetse mavuto ndi kutayika kwa mapaketi ogawanika, kukula kwa EDNS bafa kumachepetsedwa kukhala 1232 bytes (mtengo 1232 unasankhidwa chifukwa ndipamwamba kwambiri pamene kukula kwa yankho la DNS, poganizira IPv6, kumagwirizana ndi mtengo wochepa wa MTU. (1280).
  • Zosinthidwa phukusi, kuphatikizapo GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. osamangidwa 1.9.6.
  • Zowonjezera zothandizira zinenero za Go ndi Rust. Cholemba chachikulu chimaphatikizapo msakatuli wa elinks ndi phukusi rfkill.
  • Zowonjezera zosinthidwa zatsitsidwa ndi 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, to 0.4.2.5, tshark 3.0.7. Adawonjezera chowonjezera chatsopano cha amazon-ssm-agent kuti athandizire kuphatikizana ndi mtambo wa Amazon.
  • Zambiri zosokoneza mumafayilo omwe angathe kuchitidwa zatsukidwa kuti muchepetse kukula kwa kugawa pambuyo pa kukhazikitsa.
  • Thandizo lowonjezera la magawo a LVM.
  • Kuthandizira kusefa mapaketi a netiweki kuchokera kwa makasitomala a OpenVPN awonjezedwa ku IPS (Intrusion Prevention System);
  • Ku Pakfire, HTTPS imagwiritsidwa ntchito kuyika mndandanda wa magalasi (m'mbuyomu, pempho loyamba linali kudzera pa HTTP, ndipo seva imatulutsanso ku HTTPS).

Source: opennet.ru

Kuwonjezera ndemanga